Full Content Data

The following are example Full Content (think Snort as packet logger via log_packets.sh) disk usage scenarios for various production sensors. Please follow the initial templates when adding your information. Thank you!

Data Collection Methodology

Disk Usage: This is the amount of space occupied by the snort.log.$TIMESTAMP files in /nsm/$SENSOR/dailylogs for the period in question (30 Jun - 13 July, inclusive).

Disk Usage: This is the amount of space occupied by the snort.log.$TIMESTAMP files in /nsm/$SENSOR/dailylogs for the period in question (13 July - 21 July, inclusive) using FreeBSD netgraph by connecting two nodes (NICs).

For his own purposes, one NSM practitioner uses the rule of thumb that 1500 MB per 1 Mbps of traffic per day is needed for full content data. As an example, a 50% average utilization 100 Mbps link requires 75000 MB (75 GB) of disk space per day, so recording 14 days of session data requires 1333 GB (over 1 TB).
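As an added example (not a script from this wiki or from Sguil), the following Python applies the 1500 MB per Mbps per day rule of thumb above as a sizing calculator, and also measures what a sensor has actually written by summing the snort.log.$TIMESTAMP files that fall inside a date window, which is the methodology described under Data Collection Methodology. It assumes $TIMESTAMP is a Unix epoch in seconds, as Snort's binary packet logger names its files; the directory listing embedded below is constructed for illustration, not taken from a real sensor.

```python
"""Sizing and measuring full content (pcap) storage for an NSM sensor."""
from __future__ import annotations

import os
import re
from datetime import datetime, timezone
from typing import Iterable, Iterator, Tuple

# Rule of thumb quoted on the page: 1500 MB of disk per 1 Mbps of
# average traffic per day of full content capture.
MB_PER_MBPS_PER_DAY = 1500

# snort.log.$TIMESTAMP as written by Snort's binary logger (log_packets.sh);
# assumption: $TIMESTAMP is a Unix epoch in seconds.
_SNORT_LOG = re.compile(r"^snort\.log\.(\d{9,10})$")


def estimate_full_content_mb(link_mbps: float, utilization: float, days: int) -> float:
    """Disk (MB) needed to retain `days` of full content on a link that
    averages `utilization` (0.0-1.0) of `link_mbps`."""
    if not 0.0 <= utilization <= 1.0:
        raise ValueError("utilization must be a fraction between 0 and 1")
    average_mbps = link_mbps * utilization
    return average_mbps * MB_PER_MBPS_PER_DAY * days


def days_of_retention(free_mb: float, link_mbps: float, utilization: float) -> float:
    """Inverse of the estimate: how many days of capture a given free space buys."""
    per_day = estimate_full_content_mb(link_mbps, utilization, 1)
    return free_mb / per_day if per_day else float("inf")


def usage_in_window(entries: Iterable[Tuple[str, int]], start: datetime, end: datetime) -> int:
    """Sum the sizes (bytes) of snort.log.$TIMESTAMP files whose capture
    timestamp falls within [start, end] inclusive. Other files are ignored."""
    lo, hi = int(start.timestamp()), int(end.timestamp())
    total = 0
    for name, size in entries:
        m = _SNORT_LOG.match(name)
        if m and lo <= int(m.group(1)) <= hi:
            total += size
    return total


def scan_dailylogs(path: str) -> Iterator[Tuple[str, int]]:
    """Yield (filename, size_bytes) for a real /nsm/$SENSOR/dailylogs directory."""
    with os.scandir(path) as it:
        for entry in it:
            if entry.is_file():
                yield entry.name, entry.stat().st_size


# Constructed sample listing (not from any real sensor): three daily captures
# plus an unrelated file that must not be counted.
SAMPLE_LISTING = [
    ("snort.log.1183248000", 41_000_000_000),  # 2007-07-01 00:00:00 UTC
    ("snort.log.1183334400", 39_500_000_000),  # 2007-07-02 00:00:00 UTC
    ("snort.log.1183420800", 44_200_000_000),  # 2007-07-03 00:00:00 UTC
    ("sensor.log", 12_345),                    # not a capture file
]

if __name__ == "__main__":
    per_day = estimate_full_content_mb(100, 0.5, 1)
    two_weeks = estimate_full_content_mb(100, 0.5, 14)
    print(f"100 Mbps @ 50%: {per_day:.0f} MB/day, {two_weeks / 1000:.0f} GB for 14 days")
    window = usage_in_window(
        SAMPLE_LISTING,
        datetime(2007, 7, 1, tzinfo=timezone.utc),
        datetime(2007, 7, 2, 23, 59, 59, tzinfo=timezone.utc),
    )
    print(f"captured 1-2 July (sample): {window / 1e9:.1f} GB")
```

To measure a live sensor, feed `scan_dailylogs("/nsm/$SENSOR/dailylogs")` into `usage_in_window` with the start and end of the period being reported; comparing that figure against `estimate_full_content_mb` for the link shows how far the rule of thumb is from the sensor's real traffic mix.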